Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

restmap.conf - Nothing but example values work?

Drainy
Champion
‎12-23-2011 07:35 AM 
[admin:myendpoint]
match=/mycustom
members=customendpoint

[admin_external:customendpoint]
handlertype = python
handlerfile = setup.py
handleractions = list, edit

The above is some example detail for the restmap.conf for an App provided here;
http://docs.splunk.com/Documentation/Splunk/latest/Developer/SetupExampleCustom

I have spent the most mind numbing hour or two trying to get this to function with any values other than the ones above and it will not have it. If I leave them as they are then it functions perfectly.
The documentation for this isn't great and wondered if anyone had any suggestions or tips?

Following one point in the documentation I changed myendpoint to anything unqiue, I then changed mycustom to mystartof and customendpoint to startofendpoint as it seemed to suggest that the match should be the start of the members value. This also didn't work.

Am I missing something?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-23-2015 05:01 PM

I think I know something that might be causing your headaches. It's something I ran into years ago too with restmap.conf endpoints, and that was unbelievably frustrating and peculiar until I figured it out.

The python class names must be globally unique across all apps and endpoints. If there are two endpoints that have the same python classname, only one of them will be loaded and the other one will be inexplicably doa. Also if during extended troubleshooting sessions and headbanging exercises, you save versions like "myHandler_backup.py", or "myHandler_take3.py", don't. Splunk will try and load those too, I think even if there's no restmap.conf entry associated with it, and when the classnames match another file's classnames, you guessed it, only one will work.

0 Karma
Reply

the_wolverine
Champion
‎01-09-2013 11:07 AM

Here's another bit of example. I've been slowing piecing together how it all works. Documented examples could be better for sure.
http://splunk-base.splunk.com/answers/24200/good-example-of-a-working-custom-rest-endpoint-but-not-a... (still waiting on someone to actually answer the question.)

Reply

Drainy
Champion
‎12-29-2011 05:09 AM

shameless self bump!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...